From dd0cc6bd7522bc85ca6980f257a7a5ae1f37653f Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Sat, 21 Mar 2015 03:23:44 +0000
Subject: [PATCH] Update dialplan edit adjust to ensure the dialplan is able to be viewed correctly and validate the uuid with is_uuid.

---
 app/dialplan/dialplan_edit.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/app/dialplan/dialplan_edit.php b/app/dialplan/dialplan_edit.php
index 2c7d5523aa..f209bbce71 100644
--- a/app/dialplan/dialplan_edit.php
+++ b/app/dialplan/dialplan_edit.php
@@ -51,16 +51,18 @@ else {
 $text = $language->get();

 //set the action as an add or an update
-if (isset($_REQUEST["id"])) {
+if (is_uuid($_REQUEST["id"])) {
 $action = "update";
-$dialplan_uuid = check_str($_REQUEST["id"]);
+$dialplan_uuid = $_REQUEST["id"];
 }
 else {
 $action = "add";
 }

 //get the app uuid
-$app_uuid = check_str($_REQUEST["app_uuid"]);
+if (is_uuid($_REQUEST["app_uuid"])) {
+$app_uuid = $_REQUEST["app_uuid"];
+}

 //get the http post values and set them as php variables
 if (count($_POST) > 0) {
@@ -172,12 +174,11 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {

 //pre-populate the form
 if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
-$dialplan_uuid = $_GET["id"];
-$orm = new orm;
-$orm->name('dialplans');
-$orm->uuid($dialplan_uuid);
-$result = $orm->find()->get();
-//$message = $orm->message;
+$sql = "select * from v_dialplans ";
+$sql .= "where dialplan_uuid = '$dialplan_uuid' ";
+$prep_statement = $db->prepare(check_sql($sql));
+$prep_statement->execute();
+$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 foreach ($result as &$row) {
 $domain_uuid = $row["domain_uuid"];
 //$app_uuid = $row["app_uuid"];
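Review bot: `is_uuid($_REQUEST["id"])` reads the index unguarded, so a plain add request (no `id` parameter) now raises an undefined-index notice where the removed `isset` check did not, and the new `is_uuid($_REQUEST["app_uuid"])` line has the same problem. Guard both before validating: `if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {` and `if (isset($_REQUEST["app_uuid"]) && is_uuid($_REQUEST["app_uuid"])) {`. Note also that a malformed `id` now silently falls through to `add` instead of being rejected, and `$app_uuid` is left undefined when its value fails validation, so any later use of either (outside this hunk) deserves an explicit error or a default. What `is_uuid` accepts is not visible here; the SQL interpolation added later in this same commit depends on it rejecting quotes and anything else a UUID cannot contain. The enclosing `else {` block begins before this hunk.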
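Review bot: The new query interpolates `$dialplan_uuid` directly into the SQL string (`where dialplan_uuid = '$dialplan_uuid' `) and relies on the earlier `is_uuid` check plus `check_sql` for safety; binding the value removes that dependency and makes the prepare a real parameterised statement: `$prep_statement = $db->prepare("select * from v_dialplans where dialplan_uuid = :dialplan_uuid ");` followed by `$prep_statement->bindParam(':dialplan_uuid', $dialplan_uuid);` before the existing `execute()`. Because the `id` handling earlier in this commit assigns `$dialplan_uuid` only when the value passes `is_uuid`, a GET with an invalid `id` reaches this branch with `$dialplan_uuid` undefined (unless it is assigned somewhere between the two hunks) and runs the query against an empty string, which should instead fail loudly or return early. The lookup is also not scoped by domain — `$domain_uuid` is taken from the returned row — so if the dropped orm path applied a domain filter (not visible here), any known dialplan UUID is now loadable across domains; `and domain_uuid = :domain_uuid` bound from the session value would restore that. The `if (count($_GET) > 0 ...)` block continues past the end of this hunk.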